Posts Tagged ‘phishing’

Lookout mobile security has identified 1000 malicious applications in less than six months.
Previously, most of the malicious apps were located on third-party app stores and alternatives to the official Android Market.
Lookout mentions that the likelihood of an Android user encountering malware increases from 1 to 4 percent yearly, and that the U.S. is placed in the middle for mobile malware compared to other countries.
Another threat is Android users being convinced to click on untrusted links that lead to malware and phishing sites.
The global yearly likelihood of an Android user clicking on an unsafe link is much higher and reaches 36 percent (6 percent higher than July 2011) and the likelihood in the U.S. is 40 percent.
Another issue that Lookout detected is “mobile pickpocketing”, that is, applications and malware that charge the phone owner without his knowledge.
There are also the RuFraud applications, which pretend to be free wallpaper finders and popular games but hide terms that allow the service to charge the phone owner without his knowledge.
Lookout believes that many of these incidents will be reported, along with botnets, malware that exploits weaknesses in mobile operating systems, browser-based attacks, malware hiding in mobile advertisements, and tools that allow automatic repackaging of legitimate applications to add malware.
Finally, Lookout suggests avoiding third-party application stores, not clicking on in-app advertisements, and being careful when clicking on apps that ask you to click “OK”.
Users should check the reviews before downloading any application, especially those related to games, utilities and porn, which are most likely to contain malware.

Earlier this week, the Center for Disease Control (CDC) issued a new malware scam warning, alerting citizens to a large malware campaign exploiting the public awareness of phishing attacks and the interest in H1N1 vaccinations.

The e-mail security company AppRiver detected a large number of fake CDC e-mails, which were sent at a rate of nearly 18,000 messages per minute, reaching more than 1 million in the first hour alone, according to the company’s blog post.

The e-mails tell users to register for a new state vaccination program by creating a personal H1N1 vaccination profile on a fraudulent CDC web page. However, the computer of anyone who clicks on the link is infected with malware, an executable copy of the ZBot trojan horse. This trojan, also known as Zeus, powers one of the most active botnets, which steal data from compromised machines.

According to security company Sunbelt Software’s report, ZBot is listed as the second most prevalent malware threat.

Malware propagation can be successful in a situation where social engineering is dominated by technology due to public awareness and fear.